1996-01-10 - Re: A weakness in PGP signatures, and a suggested solution (long)
Header Data
From: Philippe VIJGHEN <phv@bim.be>
To: N/A
Message Hash: 9675fff39e992c490f66fe350fcacc9a96b991f7a5bc726cdddb3e8ea7396c40
Message ID: <30F37F39.480@bim.be>
Reply To: <199601030407.UAA12551@comsec.com>
UTC Datetime: 1996-01-10 23:04:45 UTC
Raw Date: Wed, 10 Jan 96 15:04:45 PST
Raw message
From: Philippe VIJGHEN <phv@bim.be>
Date: Wed, 10 Jan 96 15:04:45 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <30F37F39.480@bim.be>
MIME-Version: 1.0
Content-Type: text/plain
You are right but the question is: what do you want to sign/encipher,
the message body or the whole message exchange?
We thinked about this when we developed a piece of software
for the European Space Agency which is called EDIDOC server
(Electronic Data Interchange of Documents).
In our case, SMTP header signing was anyway not acceptable
because we needed to support various communication means.
I won't go into too much details but EDIDOC is acting as
a central server for information exchange with value added as:
- a clearing house
- security gateway
- communication gateway
- a gateway at document format level
- groupware aspects
Roughly,
- a clearing house:
everything exchange is logged in the server db
- security gateway
...this requires of course trusting of the server
but people with different security packages can send/receive
"secured message" (signature, enciphering) to/from
the server without worrying of the recipient/originator
configuration. Only the server public key need to be known
by the partners.
- communication gateway:
Various ways of transmitting the messages to/from the server
depending of partner configuration.
This means that although, as you pointed out, the envelope
must be secured itself it can not be the envelope
specific to the communication method used (SMTP, X.400,...)
-> usefull information can not be stored at the level
of the communication method header (ex. SMTP) but is
included in the secured body (originator, destinator,
timestamp, subject, ....)
Only the strict minimal information is included in the
SMTP, X.400, FTP, floppy, a.s.o. "headers".
Our envelope is structured according to a SGML DTD.
- a gateway at document format level
Server is doing conformance checking of documents and
can even down-translate them based on the recipient
settings (some will expect SGML, other ones EDIFACT, other
ones ASCII, other partners WP, .... depending of the
type of document)
- groupware aspects
complex scenarios (as chain of approval, document review, ...)
may be implemented at the server level
For more information, send an e-mail to edidoc-info@bim.be
ESA/ESRIN has some information at http://www.esrin.esa.it
BIM Engineering as a home page (http://www.bim.be) which should
"soon" include information about the server
Philippe VIJGHEN
BIM Engineering Europe
Thread
Return to January 1996
- Return to “ckey2@eng.ua.edu (Christopher R. Key)”
- Return to “david@sternlight.com (David Sternlight)”
- Return to “David Mazieres <dm@amsterdam.lcs.mit.edu>”
- Return to “dlv@bwalk.dm.com (Dr. Dimitri Vulis)”
- Return to “galactus@stack.urc.tue.nl (Arnoud “Galactus” Engelfriet)”
- Return to “Guy Geens <ggeens@elis.rug.ac.be>”
- Return to “Jeffrey Goldberg <cc047@Cranfield.ac.uk>”
- Return to “Jiri Baum <jirib@sweeney.cs.monash.edu.au>”
- Return to “mdeindl@vnet.ibm.com ((Michael Deindl))”
- Return to “Philippe VIJGHEN <phv@bim.be>”
Return to “Rich Graves <llurch@Networking.Stanford.EDU>”
- 1996-01-03 (Wed, 3 Jan 1996 21:09:58 +0800) - A weakness in PGP signatures, and a suggested solution (long) - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
- 1996-01-10 (Thu, 11 Jan 1996 05:26:59 +0800) - Re: A weakness in PGP signatures, and a suggested solution (long) - david@sternlight.com (David Sternlight)
- 1996-01-10 (Wed, 10 Jan 96 15:04:45 PST) - Re: A weakness in PGP signatures, and a suggested solution (long) - Philippe VIJGHEN <phv@bim.be>
- 1996-01-11 (Thu, 11 Jan 96 09:18:32 PST) - Re: A weakness in PGP signatures, and a suggested solution (long) - Jeffrey Goldberg <cc047@Cranfield.ac.uk>
- 1996-01-13 (Fri, 12 Jan 96 18:52:41 PST) - Re: A weakness in PGP signatures, and a suggested solution (long) - Rich Graves <llurch@Networking.Stanford.EDU>
- 1996-01-13 (Fri, 12 Jan 96 18:52:51 PST) - Re: A weakness in PGP signatures, and a suggested solution (long) - Guy Geens <ggeens@elis.rug.ac.be>
- 1996-01-13 (Sun, 14 Jan 1996 03:46:30 +0800) - Re: A weakness in PGP signatures, and a suggested solution (long) - David Mazieres <dm@amsterdam.lcs.mit.edu>
- 1996-01-14 (Sun, 14 Jan 96 13:49:19 PST) - Re: A weakness in PGP signatures, and a suggested solution (long) - galactus@stack.urc.tue.nl (Arnoud “Galactus” Engelfriet)
- 1996-01-16 (Wed, 17 Jan 1996 04:10:39 +0800) - Re: A weakness in PGP signatures, and a suggested solution (long) - ckey2@eng.ua.edu (Christopher R. Key)
- 1996-01-17 (Wed, 17 Jan 1996 08:52:07 +0800) - Re: A weakness in PGP signatures, and a suggested solution (long) - Jiri Baum <jirib@sweeney.cs.monash.edu.au>
- 1996-01-18 (Thu, 18 Jan 1996 15:05:40 +0800) - Re: A weakness in PGP signatures, and a suggested solution (long) - mdeindl@vnet.ibm.com ((Michael Deindl))